CVE-2024-27348 Apache HugeGraph-Server: Command execution in gremlin

🗓️ 22 Apr 2024 14:08:06Reported by apacheType

Remote Command Execution in Apache HugeGraph-Serve

Reporter	Title	Published	Views	Family All 36
0day.today	Apache HugeGraph Gremlin Remote Code Execution Exploit	15 Aug 202400:00	–	zdt
GithubExploit	Exploit for Improper Access Control in Apache Hugegraph	3 Jun 202419:08	–	githubexploit
GithubExploit	Exploit for Improper Access Control in Apache Hugegraph	10 Feb 202503:24	–	githubexploit
GithubExploit	Exploit for Improper Access Control in Apache Hugegraph	30 Mar 202610:52	–	githubexploit
GithubExploit	Exploit for Improper Access Control in Apache Hugegraph	31 May 202420:11	–	githubexploit
GithubExploit	Exploit for Improper Access Control in Apache Hugegraph	12 Jun 202408:14	–	githubexploit
ATTACKERKB	CVE-2024-27348	22 Apr 202400:00	–	attackerkb
Tenable Nessus	Apache HugeGraph Server 1.0.x < 1.3.0 (CVE-2024-27348)	25 Oct 202400:00	–	nessus
Tenable Nessus	Apache Hugegraph 1.0.0 < 1.3.0 Remote Command Execution	18 Jul 202400:00	–	nessus
BDU FSTEC	The vulnerability of the Apache HugeGraph graph database server, related to the ability to bypass the authentication process, allows attackers to execute arbitrary code.	7 Jun 202400:00	–	bdu_fstec

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache HugeGraph-Server",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "1.3.0",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
hugegraph	www.hugegraph.apache.org/docs/config/config-authentication/
openwall	www.openwall.com/lists/oss-security/2024/04/22/3
lists	www.lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9

01 May 2024 17:09Current

6.9Medium risk

Vulners AI Score6.9

EPSS0.9921